Container Scanning: Provide correct remediation guidance for language finding found in a std lib
Current Behavior
When `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` is set to `false`, Container Scanning detects Go stdlib vulnerabilities in binaries but provides limited information:
- Only shows the vulnerable package as `stdlib@<version>`
- The location only references the image path
- No binary path information
- No clear remediation steps
The same behavior occurs for other languages whose standard library has vulnerabilities.
Expected Behavior
Container Scanning should:
- Identify the specific path of the affected binary
  - Covered by #534804 (closed)
- Clearly indicate that the vulnerability is in the Go stdlib
- Provide explicit remediation guidance, specifically stating that the binary must be rebuilt with a newer version of Go
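As an added illustration of the three expected behaviors above (this is example code written for this page, not GitLab's or the Container Scanning analyzer's own implementation), the Go program below walks an extracted image root filesystem, reads the build information the Go linker embeds in every binary, and emits per binary the path, the toolchain version and the remediation. The toolchain version is also the stdlib version a `stdlib@<version>` finding refers to, since the stdlib is compiled into the binary, which is why the only fix is a rebuild. The fixed version passed in is an assumed placeholder that a real scanner would take from the advisory behind the finding; the names `BinaryReport`, `parseGoVersion`, `NeedsRebuild`, `InspectBinary` and `ScanRoot` are chosen here and do not come from the issue.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"io/fs"
	"path/filepath"
	"strconv"
	"strings"
)

// BinaryReport carries the per-binary path, toolchain (hence stdlib) version and remediation.
type BinaryReport struct {
	Path         string // path inside the scanned image root
	GoVersion    string // e.g. "go1.21.5", embedded by the Go linker at build time
	NeedsRebuild bool   // GoVersion is older than the fixed stdlib version
	Advice       string
}

// parseGoVersion turns "go1.21.5" into {1,21,5} and "go1.22" into {1,22,0}; pre-release
// suffixes ("rc1", "beta2") are dropped and "devel" toolchain strings are rejected.
func parseGoVersion(v string) ([3]int, bool) {
	var out [3]int
	v = strings.TrimPrefix(v, "go")
	// Cut at the first rune that is neither a digit nor a dot.
	if i := strings.IndexFunc(v, func(r rune) bool { return (r < '0' || r > '9') && r != '.' }); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return out, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, false
		}
		out[i] = n
	}
	return out, true
}

// NeedsRebuild reports whether a binary built with `built` carries a stdlib older than
// `fixed`. The stdlib is linked into the binary, so rebuilding is the only remediation.
func NeedsRebuild(built, fixed string) (bool, error) {
	b, okB := parseGoVersion(built)
	f, okF := parseGoVersion(fixed)
	if !okB || !okF {
		return false, fmt.Errorf("unrecognised Go version in %q / %q", built, fixed)
	}
	for i := 0; i < 3; i++ {
		if b[i] != f[i] {
			return b[i] < f[i], nil
		}
	}
	return false, nil
}

// InspectBinary reads the build info the Go linker embeds; non-Go files return an error.
func InspectBinary(path, fixed string) (BinaryReport, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return BinaryReport{}, err
	}
	rep := BinaryReport{Path: path, GoVersion: info.GoVersion, Advice: "not affected: toolchain at or above the fixed version"}
	needs, err := NeedsRebuild(info.GoVersion, fixed)
	if err != nil {
		// Devel or otherwise unparsable toolchain: report it rather than silently dropping the binary.
		rep.Advice = fmt.Sprintf("toolchain %q not recognised; check the stdlib version manually", info.GoVersion)
	} else if needs {
		rep.NeedsRebuild = true
		rep.Advice = fmt.Sprintf("stdlib@%s is affected: rebuild %s with Go %s or newer (OS package updates do not fix this)",
			strings.TrimPrefix(info.GoVersion, "go"), path, fixed)
	}
	return rep, nil
}

// ScanRoot walks an extracted image root filesystem and reports every Go binary in it.
// The fixed version is a placeholder argument; a scanner would take it from the advisory.
func ScanRoot(root, fixed string) ([]BinaryReport, error) {
	var reports []BinaryReport
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || !d.Type().IsRegular() {
			return walkErr // propagate walk errors; skip directories, symlinks and device nodes
		}
		if rep, err := InspectBinary(p, fixed); err == nil {
			reports = append(reports, rep)
		}
		return nil
	})
	return reports, err
}
```

To use it, call `ScanRoot("/path/to/extracted/rootfs", "go1.21.8")` from a `main` or a test, where the second argument is the first Go release containing the fix for the finding; each returned `BinaryReport` gives the binary path, the Go version it was built with, and whether a rebuild is required.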
Impact
Users cannot effectively locate and remediate Go stdlib vulnerabilities due to insufficient information in the scan results.
Description was generated using AI
Edited by 🤖 GitLab Bot 🤖